LDAP

From Ever changing code

In Active Directory (AD) (or any LDAP directory), objects are referred to by Distinguished Name (DN). The parts of a distinguished name, delimited by commas, represent where in the AD hierarchy the object exists. The monikers in a DN are:

Moniker   Object               Example
-------   ------               -------
cn        Common Name          cn=Joe User
ou        Organizational Unit  ou=Sales
dc        Domain Component     dc=MyDomain

An example of the Distinguished Name of a user object could be:

cn=Joe User,ou=Sales,ou=West,dc=MyDomain,dc=com

In this case, the object with Common Name "Joe User" is in the Organizational Unit "ou=Sales", which in turn is in the Organizational Unit "ou=West", which is in the domain "MyDomain.com". Users can be in Organizational Units, as in my example, or in Containers. Containers are identified by Common Name (similar to user, computer, or group objects). The most common container is the default "cn=Users" container. If user "cn=Jim Smith" is in the "Users" container, then the DN will be:

cn=Jim Smith,cn=Users,dc=MyDomain,dc=com

The Relative Distinguished Name (RDN) of the user is "cn=Jim Smith". The RDN is the highest-level part of the DN, which identifies the object within its parent container. The parent container for "cn=Jim Smith" is the container "cn=Users,dc=MyDomain,dc=com". The RDN of this container is "cn=Users". Note that the Common Name is used to identify several classes of objects, namely user objects, computer objects, container objects, and group objects. Organizational Units are identified by the "ou" moniker.
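As an added example (not part of the original wiki page), the following Python splits a DN into its RDNs and recovers the RDN and parent container described above. It also handles the RFC 4514 backslash escaping that the page's examples do not need: a value such as "Smith, Jim" contains a comma and must be written as "Smith\, Jim" or it would be read as an extra RDN. Hex-pair escapes (e.g. "\2C") are deliberately not handled, to keep the example short.

```python
# Characters an attribute value must escape inside a DN (RFC 4514 section 2.4).
_SPECIAL = set(',+"\\<>;')

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas; 'cn=Smith\\, Jim,dc=com' gives 2 RDNs."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if not escaped and ch == ",":    # an unescaped comma ends the current RDN
            rdns.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
        escaped = ch == "\\" and not escaped  # the char after a backslash is literal
    rdns.append("".join(buf).strip())
    return rdns

def unescape(value):
    """Remove single-character backslash escapes from an RDN value (no hex pairs)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def parse_rdn(rdn):
    """Return (moniker, value) for one RDN such as 'cn=Jim Smith'."""
    moniker, sep, value = rdn.partition("=")
    if not sep or not moniker.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    return moniker.strip().lower(), unescape(value)

def describe(dn):
    """Break a DN into its RDN, its parent container's DN, and the (moniker, value) path."""
    rdns = split_dn(dn)
    return {"rdn": rdns[0], "parent": ",".join(rdns[1:]),
            "path": [parse_rdn(r) for r in rdns]}

def escape_value(value):
    """Escape a raw value (e.g. a user-entered name) so it can be embedded in a DN."""
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if out.endswith(" "):                # a trailing space must be escaped
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):       # a leading '#' or space must be escaped
        out = "\\" + out
    return out
```

Building DNs with escape_value() rather than string concatenation is what keeps a name containing "," or "+" from silently changing where in the tree the object is looked up.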